From: Ariadne Conill <ariadne@dereferenced.org>
To: musl@lists.openwall.com
Subject: Re: [musl] [PATCH] implement recallocarray(3)
Date: Sat, 01 Aug 2020 11:51:23 -0600 [thread overview]
Message-ID: <1761243.52O7J0OIYB@petrie> (raw)
In-Reply-To: <20200801174640.GX6949@brightrain.aerifal.cx>
Hello,
On Saturday, 1 August 2020 11:46:41 MDT Rich Felker wrote:
> On Sat, Aug 01, 2020 at 10:23:35AM -0600, Ariadne Conill wrote:
> > On Saturday, 1 August 2020 09:52:28 MDT Markus Wichmann wrote:
> > > On Sat, Aug 01, 2020 at 08:46:58AM -0600, Ariadne Conill wrote:
> > > > +void *recallocarray(void *ptr, size_t om, size_t m, size_t n)
> > > > +{
> > > > + void *newptr;
> > > > + size_t old_size, new_size;
> > > > +
> > > > + if (n && m > -1 / n) {
> > > > + errno = ENOMEM;
> > > > + return 0;
> > > > + }
> > > > + new_size = m * n;
> > > > +
> > > > + if (n && om > -1 / n) {
> > > > + errno = EINVAL;
> > > > + return 0;
> > > > + }
> > > > + old_size = om * n;
> > > > +
> > > > + if (new_size <= old_size) {
> > > > + memset((char *) ptr + new_size, 0, old_size - new_size);
> > > > + }
> > > > +
> > > > + newptr = reallocarray(ptr, m, n);
> > > > + if (new_size > old_size) {
> > > > + memset((char *) ptr + old_size, 0, new_size - old_size);
> > > > + }
> > > > +
> > > > + return newptr;
> > > > +}
> > >
> > > Is there a reason for the call to reallocarray? The multiplication m * n
> > > has already been tested for overflow and executed at that point. Might
> > > as well just call realloc() there, right?
> >
> > Good catch. I decided to use reallocarray() simply for clarity, but I can
> > change it to a realloc() call.
>
> I'm also confused why the old size has to be checked at all. There's
> inherently a contract that the old size be correct for the existing
> allocation; if it's not, the wrong number of members will be zeroed.
> Checking whether om*n overflows does not change this and does not
> catch the more general case where om is wrong.
>
> Is the EINVAL behavior from OpenBSD, and if so, do they have a
> rationale for it?
Yes, EINVAL is mentioned in the man page.
If ptr is not NULL and multiplying oldnmemb and size results in
integer overflow recallocarray() returns NULL and sets errno to
EINVAL.
They do not mention any rationale for returning EINVAL here, but they do clear
any memory before reclaiming it on a shrink, so that may be related. We could
remove the check, but I added the check to be consistent with OpenBSD.
Ariadne
prev parent reply other threads:[~2020-08-01 18:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-01 14:46 Ariadne Conill
2020-08-01 15:52 ` Markus Wichmann
2020-08-01 16:23 ` Ariadne Conill
2020-08-01 17:46 ` Rich Felker
2020-08-01 17:51 ` Ariadne Conill [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1761243.52O7J0OIYB@petrie \
--to=ariadne@dereferenced.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).